API Reference
The Kora Digital Banking API is a RESTful JSON API served over HTTPS.
Base URL
| Environment | Base URL |
|---|---|
| Production | https://api.korastratum.com/api/v1/banking |
| Sandbox | https://api.korastratum.com/api/v1/banking |
info
Both environments use the same base URL. Your API key prefix determines the environment.
All endpoint paths in this documentation are relative to the base URL. For example, POST /api/v1/auth/login means:
POST https://api.korastratum.com/api/v1/banking/auth/login
Required Headers
Every authenticated request must include:
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer <access_token> |
X-Tenant-ID | Yes | Tenant identifier (UUID or short name like fmfb) |
Content-Type | For POST/PUT | application/json |
A few endpoints are public (no Authorization required):
GET /api/v1/theme— Tenant brandingGET /api/v1/fx-rates— Exchange ratesGET /api/v1/geo— Country/state listsGET /health— Health check
Response Format
All responses follow a consistent envelope:
Success
{
"success": true,
"data": {
// Response payload
}
}
Error
{
"success": false,
"error": "Human-readable error message",
"code": "ERROR_CODE",
"details": [],
"timestamp": "2026-02-27T14:22:00Z",
"path": "/api/v1/transfers",
"method": "POST"
}
See Error Codes for the full list.
Pagination
List endpoints accept page and limit query parameters:
GET /api/v1/transactions?page=1&limit=20
Paginated responses include metadata:
{
"success": true,
"data": {
"items": [],
"pagination": {
"page": 1,
"limit": 20,
"total": 142,
"totalPages": 8
}
}
}
Rate Limit Headers
Every response includes standard rate limit headers:
| Header | Description |
|---|---|
RateLimit-Limit | Max requests per window |
RateLimit-Remaining | Requests remaining |
RateLimit-Reset | Unix timestamp when the window resets |
When you exceed the limit, the API returns 429 Too Many Requests with code RATE_LIMIT_EXCEEDED. See Rate Limits for per-tier quotas.
Security Headers
All responses include:
| Header | Value |
|---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-XSS-Protection | 1; mode=block |
Endpoint Groups
| Group | Base Path | Description |
|---|---|---|
| Auth | /api/v1/auth | Login, logout, refresh, 2FA, sessions |
| Registration | /api/v1/registration | Sign-up, email/phone verification, password reset |
| Accounts | /api/v1/accounts | List and view accounts/wallets |
| Wallets | /api/v1/wallets | Create, freeze, unfreeze wallets |
| Transfers | /api/v1/transfers | Internal, external (NIBSS), international (SWIFT) |
| Bulk Transfers | /api/v1/bulk-transfers | Batch transfers |
| Transactions | /api/v1/transactions | History, details, analytics, statements |
| Savings | /api/v1/savings | Flexible, target, locked, group, SAYT |
| Loans | /api/v1/loans | Applications, repayment, documents |
| Loan Products | /api/v1/loan-products | Available products and calculators |
| Bill Payment | /api/v1/bill-payment | Categories, providers, payments |
| Mobile Money | /api/v1/mobile-money | Airtime, data, wallet transfers |
| KYC | /api/v1/kyc | KYC levels, requirements, submissions |
| Notifications | /api/v1/notifications | In-app and push notifications |
| Analytics | /api/v1/analytics | Dashboard, spending, customer metrics |
| Recurring | /api/v1/recurring-payments | Scheduled payments |
| Disputes | /api/v1/disputes | Transaction disputes |
| Rewards | /api/v1/rewards | Points, redemption, loyalty tiers |
| Referrals | /api/v1/referrals | Referral links and earnings |
Next Steps
- Quickstart — Make your first API call.
- Error Codes — Full error reference.
- Rate Limits — Request quotas by tier.